Vulnerabilities > Silverpeas

DATE CVE VULNERABILITY TITLE RISK
2023-12-13 CVE-2023-47320 Unspecified vulnerability in Silverpeas
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control.
network
low complexity
silverpeas
8.1
2023-12-13 CVE-2023-47321 Unspecified vulnerability in Silverpeas
Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control via the "Porlet Deployer" which allows administrators to deploy .WAR portlets.
network
low complexity
silverpeas
4.9
2023-12-13 CVE-2023-47322 Cross-Site Request Forgery (CSRF) vulnerability in Silverpeas
The "userModify" feature of Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) leading to privilege escalation.
network
low complexity
silverpeas CWE-352
8.8
2023-12-13 CVE-2023-47323 Unspecified vulnerability in Silverpeas
The notification/messaging feature of Silverpeas Core 6.3.1 does not enforce access control on the ID parameter.
network
low complexity
silverpeas
7.5
2023-12-13 CVE-2023-47324 Cross-site Scripting vulnerability in Silverpeas
Silverpeas Core 6.3.1 is vulnerable to Cross Site Scripting (XSS) via the message/notification feature.
network
low complexity
silverpeas CWE-79
5.4
2023-12-13 CVE-2023-47325 Unspecified vulnerability in Silverpeas
Silverpeas Core 6.3.1 administrative "Bin" feature is affected by broken access control.
network
low complexity
silverpeas
5.4
2023-12-13 CVE-2023-47326 Cross-Site Request Forgery (CSRF) vulnerability in Silverpeas
Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function.
network
low complexity
silverpeas CWE-352
8.8
2023-12-13 CVE-2023-47327 Unspecified vulnerability in Silverpeas
The "Create a Space" feature in Silverpeas Core 6.3.1 is reserved for use by administrators.
network
low complexity
silverpeas
4.3
2019-04-09 CVE-2018-19586 Path Traversal vulnerability in Silverpeas
Silverpeas 5.15 through 6.0.2 is affected by an authenticated Directory Traversal vulnerability that can be triggered during file uploads because core/webapi/upload/FileUploadData.java mishandles a StringUtil.java call.
network
low complexity
silverpeas CWE-22
critical
9.0